
ernel32.dll Virus Removal

Joined
Jun 17, 2007
Messages
7,325 (1.91/day)
Likes
995
Location
C:\Program Files (x86)\Aphexdreamer\
System Name Unknown
Processor AMD Bulldozer FX8320 @ 4.4Ghz
Motherboard Asus Crosshair V
Cooling XSPC Raystorm 750 EX240 for CPU
Memory 8 GB CORSAIR Vengeance Red DDR3 RAM 1922mhz (10-11-9-27)
Video Card(s) XFX R9 290
Storage Samsung SSD 254GB and Western Digital Caviar Black 1TB 64MB Cache SATA 6.0Gb/s
Display(s) AOC 23" @ 1920x1080 + Asus 27" 1440p
Case HAF X
Audio Device(s) X Fi Titanium 5.1 Surround Sound
Power Supply 750 Watt PP&C Silencer Black
Software Windows 8.1 Pro 64-bit
#1
I've googled this and followed the steps I found to remove it and it still comes back. I can't surf the net because of this Trojan.
I've run Malwarebytes and it too can't remove it. I've tried Safe Mode, manually deleting it, and it still comes back. Right now I'm running super spyware removal to see if it can remove it.

Anyone ever had this or know how to get rid of it?

The virus is on a laptop running Windows XP.
 
Joined
Oct 12, 2008
Messages
5,654 (1.69/day)
Likes
2,605
Location
στο άλφα έως ωμέγα
System Name Ha/AhHa/Dell
Processor QX9650 SLAWN C1/i7-980x/i7-6700K
Motherboard GA-X48_DS4 (F3B bios)/Gigabyte x58A-UDR3 v 2.0(modded FH bios)/Dell Foxconn 0XJ8C4 Z170
Cooling CNPS9900 LED/H60/ 3 pipe-center fan-air
Memory 8 Gig of G.Skill F2-8800CL5D/24 Gb Corsair Vengence/ 24Gb Samsung DDR4 2133
Video Card(s) Galaxy NVIDIA GeForce GTX 960/PowerColor R9 280/ASUS R9 380X Strix G1
Storage All have SSDs with HDDs for extra storage and backup/Dell-M.2 Samsung 850 EVO PCIe
Display(s) Asus 266H/Viewsonic 1080p/HP ZR24W
Case CM-690/CM-690 II adv/Dell 8900 series
Audio Device(s) All use on board (Realtek) w/2.1 speakers
Power Supply PC P&C 750/PC P&C Silencer 950/CM 700 Extreme
Mouse Logitech
Keyboard Logitech
Software Windows 10 Pro - 64 bit/Windows 10 Pro - 64bit/Windows 10 Pro - 64bit
#2
#3
I know this is going to sound weird, but re-set your router. Then run Malwarebytes and see if it detects anything.

Got the idea from this thread - post 30: TDSS remnants - ERNEL32.DLL removal help please, Remnants of infection pop up on MBAM but aren't found in scan

Let us know how it works. :)
But this came from another house. It's not my laptop so this is a whole new router and internet connection for the laptop.

Super Anti Spyware remover found threats as well and removed it but it was still there on reboot in system 32. It also won't let me launch certain .exe's.
 

Mussels

Moderprator
Staff member
Joined
Oct 6, 2004
Messages
46,103 (9.57/day)
Likes
13,530
Location
Australalalalalaia.
System Name Daddy Long Legs
Processor Ryzen R7 1700, 3.9GHz 1.375v
Motherboard MSI X370 Gaming PRO carbon
Cooling Fractal Celsius S24 (Silent fans, meh pump)
Memory 16GB 2133 generic @ 2800
Video Card(s) MSI GTX 1080 Gaming X (BIOS modded to Gaming Z - faster and solved black screen bugs!)
Storage 1TB Intel SSD Pro 6000p (60TB USB3 storage)
Display(s) Samsung 4K 40" HDTV (UA40KU6000WXXY) / 27" Qnix 2K 110Hz
Case Fractal Design R5. So much room, so quiet...
Audio Device(s) Pioneer VSX-519V + Yamaha YHT-270 / sennheiser HD595/518 + bob marley zion's
Power Supply Corsair HX 750i (Platinum, fan off til 300W)
Mouse Logitech G403 + KKmoon desk-sized mousepad
Keyboard Corsair K65 Rapidfire
Software Windows 10 pro x64 (all systems)
Benchmark Scores Laptops: i7-4510U + 840M 2GB (touchscreen) 275GB SSD + 16GB i7-2630QM + GT 540M + 8GB
#4
Try Kaspersky's 30-day trial.

Malwarebytes ain't designed for antivirus, it's just a spyware remover and nowhere near as good as a real AV.
 
Joined
Jul 26, 2010
Messages
1,655 (0.61/day)
Likes
729
Location
Philly
System Name Primary Rig
Processor Phenom II X4 B50 @ 3.7GHz
Motherboard Biostar TA790GX 128M
Cooling Sunbeam CR-CCTF 120mm , 6x120mm, MOS-C1
Memory 2x2GB Kingston HyperX 1066 @ 800 4-4-4-12
Video Card(s) Sapphire HD 5830 800/1000 @ 885/1225
Storage 320GB, 400GB, 500GB, 1.5TB
Display(s) Hannspree HF259
Case CM 690
Power Supply OCZ 850W
Benchmark Scores 3Dmark06: 18545/5219 CPU Mark 7.0: 3911.2 Cinebench R10: 11826/3359 x264 HD 2.0: 75.6/23.9
#5
combofix? If you've never used combofix before this is a good place to start.

MBAM is actually pretty weak in my experience and I use it mostly to let me know if something's wrong, rather than to fix it. If something is messed up I switch to the hard stuff like manual removal and combofix.

A trick that works for me often enough is if you can gain complete control of the dll in question start by deleting it, then create a blank file named with the same name as the dll, then manually edit the permissions to prevent anyone (including yourself) from r/w/e. This has worked for me countless times when I just needed to get a virus to stop bugging me while I figured out what was spawning it.
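
The placeholder trick from the post above, written out as an added example that is not part of the original post. It assumes Windows XP, an administrator command prompt, and that the file is the ernel32.dll in system32 mentioned in this thread; the deny entry is only a stopgap, since an administrator or SYSTEM process can still take ownership and reset the ACL.

```bat
@echo off
rem Added example, not from the thread: placeholder-file stopgap on Windows XP.
rem Assumption: the file to block is the ernel32.dll in system32 named in this thread.
setlocal
set "TARGET=%SystemRoot%\system32\ernel32.dll"

rem Clear read-only/system/hidden attributes so the delete is not refused.
if exist "%TARGET%" attrib -r -s -h "%TARGET%"
if exist "%TARGET%" del /f /q "%TARGET%"

rem If the file survives, something still holds it open or protects it.
if exist "%TARGET%" (
    echo Delete failed: file is locked or protected. Retry from Safe Mode or a rescue disk.
    exit /b 1
)

rem Create a zero-byte file with the same name.
type nul > "%TARGET%"

rem Replace the ACL with a single deny entry for Everyone.
rem Without /E, cacls replaces the ACL and asks for confirmation, so "y" is piped in.
echo y| cacls "%TARGET%" /D Everyone

rem Record the result. After a reboot, run these two commands again:
rem a non-zero size or a changed ACL means whatever drops the file is still
rem running with enough privilege to undo the block.
cacls "%TARGET%"
dir /a "%TARGET%"
```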
 
#6
Hmmmm... Is it connected to a wired or wireless connection now?

Use the repairs under preferences in Superantispyware to reset all ie explorer and hi-jack related problems. Run it again. And, make a bootable usb\cd and run this portable version from it.

That ernel32 virus is a form of rootkit. Nasty little bugger. Try this too: Malicious Software Removal Tool
Download here: Microsoft® Windows® Malicious Software Removal Tool (KB890830)

Also, try these, Avira Antivir Rescue System(iso) or Avira AntiVir Rescue System(exe)
Or\And, Kaspersky Rescue Disk 10

If all else fails, combofix (A guide and tutorial on using ComboFix) or re-install the OS.

Sorry, a little slow in typing.
 
#7
combofix? If you've never used combofix before this is a good place to start.

MBAM is actually pretty weak in my experience and I use it mostly to let me know if something's wrong, rather than to fix it. If something is messed up I switch to the hard stuff like manual removal and combofix.

A trick that works for me often enough is if you can gain complete control of the dll in question start by deleting it, then create a blank file named with the same name as the dll, then manually edit the permissions to prevent anyone (including yourself) from r/w/e. This has worked for me countless times when I just needed to get a virus to stop bugging me while I figured out what was spawning it.
Yeah I did Combo fix and got rid of it. Now however Combo fix has messed up my internet connection.

I can't seem to get an IP. Typing IPconfig in CMD results in access denied.

Now to fix this and the laptop should be good.
 
#9
It also says

unable to open registry key for TCPIP

So I think the issue is deeper but I will try that.

I also tried Winsock fix but that didn't do the trick either. :/

EDIT: That didn't work.

Reading here, they suggest it's a driver issue. I think I remember the Combo fix deleting a driver something .sys
 
#10
You are using wireless, I assume, so go to your hardware device manager and check the wireless devices. You may need to update or re-install a driver or two.
 
#11
#12
Now Device Manager says the hardware is there but Windows Wireless Network manager says the hardware isn't. I could do all but the last time following that TCP/IP reinstall guide and that was uninstall Internet protocol TCP/IP. It just hides the uninstall button.
 
#13
As a side note, you might want to run, in an (administrative) command prompt, the command "sfc /scannow", that is without the quotes and with a space between the "c" and "/", to check your system files and repair any that may have been changed or altered, just to be on the safe side.

Edit: I had already started typing, before your post...

Have you re-booted yet?

I can't recall too well on XP, but I believe you can un-install and install the protocols in the add\remove programs-add\remove components.
 
#14
I'm good guys, thanks. Did Winsock and uninstalled Wireless NIC drivers. Worked upon reinstall.